OzLog unveiled: Senate lays data retention bare

A flood of new information emerged this afternoon in Federal Parliament about the controversial and secretive proposal by the Attorney-General’s Department (AGD) to force internet service providers to store a wealth of information pertaining to Australians’ emails and telephone calls.

The proposal — known popularly as ‘OzLog’ — first came to light in June this year, when AGD confirmed it had been examining the European Directive on Data Retention (PDF) to consider whether it would be beneficial for Australia to adopt a similar regime. The directive requires telcos to record data such as the source, destination and timing of all emails and telephone calls – even including internet telephony.

In the first day of an inquiry into online privacy held today by the Senate’s Environment and Communications References Committee, senior AGD public servant Catherine Smith admitted she could not precisely remember when discussions around the issue commenced.

“Can I say it’s been around for a very long time — I can’t remember how it started,” Smith said. The public servant is assistant secretary of AGD’s Telecommunications and Surveillance Law Branch.

Under sustained pressure from Greens Senator Scott Ludlam, Smith and her colleague Wendy Kelly — director of the same branch — said the origins of the project related to the way that law enforcement authorities and certain branches of government such as AGD had been working with the telecommunications industry for years on the issue of telecommunications interception to aid in crime-fighting.

The industry, Smith said, was in the habit of forewarning law enforcement when new technologies would come into play that might diminish the ability to investigate crime.

Sometimes measures to deal with new technologies would end up becoming legislation. Smith described telecommunications legislation as being “constantly under review” due to the impact of new technologies — a process that Ludlam described as parliament receiving amendments to the Telecommunications (Interception and Access) Act “every twenty minutes”.

Australian Federal Police assistant commissioner Neil Gaughan — the national manager of the AFP’s High Tech Crime Operations centre — said the data retention proposal in its essential nature was just law enforcement asking for “the status quo to remain” in terms of its ability to conduct investigations using telecommunications interception.

“Data retention will not give agencies new powers — it will ensure that existing capabilities remain available,” Smith agreed.

Examples used during the session related to the way that the onset of internet telephony was making it hard for law enforcement to track phone calls in the same way they had with traditional analogue telephony.

Kelly described the data retention proposal in terms of the “dataset” of information that law enforcement agencies could collect. The set of information — for example, call logs — that the telco sector was collecting had changed, and different companies were storing it for different periods, she said — ranging from days to years.

The AGD representatives committed to providing the committee — which also includes Liberal Senator Mary Jo Fisher, for example, and Labor Senator Doug Cameron — with a private and confidential briefing at a later date to give it a better idea of the data being collected.

“It contains information that could be prejudicial to law enforcement if it was released,” said Smith.

Gaughan gave an example of an operation — dubbed ‘Centurion’ — that the AFP carried out in 2008, for which it needed the sort of data that would be collected under the OzLog scheme. The agency started off with just “IP addresses”, he said, but ended up being able to execute some 340 search warrants for child pornographic materials, arresting 140 people and confiscating 100,000 illegal images.

In addition, he said, the operation saved four children who were potentially at risk of child abuse.

It has previously been unclear to what extent AGD had consulted regarding the data retention proposal — with some ISPs believed to have been sworn to non-disclosure agreements regarding the matter. However, today Smith said wide consultation had been undertaken — including ISPs and representative groups such as the Communications Alliance, the Department of Prime Minister and Cabinet and the Office of the Privacy Commissioner.

It was unclear, however, what the next steps in the development of the proposal will be. Smith said the department was still considering the merits of the data retention proposal. “There’s been no decision on where and how we’ll take this forward,” she said. “I don’t have any instructions — we’re still gathering information.”

When pressured by Ludlam on the matter of public consultation, Smith said that would be a matter for the Government to decide. “We are still looking at the options — to take something forward to a broader view, wouldn’t be appropriate,” she said.

However, the AGD representatives did give a nod towards airing the proposal in public — stating they were committed to “an open, transparent and consultative process”.

It’s obvious that ‘premature debate’ has caused them to backtrack a bit. Kudos to Ben Grubb for bringing this to our attention in the first place. The more people like Renai and Ben and others that keep shining a light on the practices of these bureaucrats the better.

“Can I say it’s been around for a very long time — I can’t remember how it started,”

‘I’m sorry, you didn’t make file notes which were put into your agency’s corporate records system’ should have been Ludlam’s response to that question. Any public servant worth their salt knows that notes regarding significant conversations, policy issues and the like should be documented in a file note for inclusion in the agency’s corporate records system.

I’d be pressing them much further on the question, if only for the Committee to recommend further investigation into how well record-keeping practices are followed to prevent public servants giving such lacklustre and frankly inexcusable answers.

Will there be a system in place for individuals to review what has been collected about them and potentially correct any errors? Such as if criminals begin breaking into peoples’ homes to steal their Internet access and cover their tracks – or do so remotely via wardriving or worms?

“Errr.. yeh. Hello, Attorney General’s department? You know on my internet record, where yesterday it says that I went on .com? Oh, no no no no. There was a mistake. It was actually google.com. I’d like you to correct that mistake.”

The path that this country is going down is despicable. With that said, though, there are crafty people out there who will respond in kind.

This will do nothing more than to further instigate the arms race between governments who attempt to oppress their citizens, and those citizens who are daring and cunning enough to undermine those attempts.
Such an arms race hasn’t really existed in Australia up until now — unlike the Chinese, among others, we haven’t had a need to subvert the government. It’s clear that subversion is going to be quite necessary from here on.
And know this, Australia’s bureaucrats: You will lose.
There are those out there, not in your employ, who are far bolder and brighter than those doing your bidding; and I’m not talking about that clown who was arrested for egging people on when it came to the attacks on government websites, who was laughably described as a ‘terrorist’ by the magistrate.

What happens when protocols are created that stop the middleman (the customer’s ISP) from knowing the websites that people visit, by default? No tunneling, no VPN services that must be paid for.
Out of the box encryption between the end users and a trusted entity, such as DNS provided by Google.

Adding a handshake before a DNS request would completely break something like this — and it’s a trivial task to accomplish.
The mathematical property of the Diffie-Hellman key exchange would make it implausible, if not impossible, for any Australian organisation to even become aware of the URLs being viewed.

All users could use the darknet / invisible net. It has its own web sites, email, chat, p2p etc. This would make it very difficult for the Government or whoever to know your business. Refer http://en.wikipedia.org/wiki/I2p

All content copyright to LeMay & Galt Media Pty Ltd.
